Vulnerabilities > Pfsense

DATE CVE VULNERABILITY TITLE RISK
2022-01-26 CVE-2022-23993 Cross-site Scripting vulnerability in Pfsense and Pfsense Plus
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS.
network
low complexity
pfsense CWE-79
6.1
6.1
2021-06-01 CVE-2020-26693 Cross-site Scripting vulnerability in Pfsense 2.4.5
A stored cross-site scripting (XSS) vulnerability was discovered in pfSense 2.4.5-p1 which allows an authenticated attacker to execute arbitrary web scripts via exploitation of the load_balancer_monitor.php function.
network
low complexity
pfsense CWE-79
5.4
5.4
2021-04-28 CVE-2021-27933 Cross-site Scripting vulnerability in Pfsense 2.5.0
pfSense 2.5.0 allows XSS via the services_wol_edit.php Description field.
network
low complexity
pfsense CWE-79
6.1
6.1
2019-11-02 CVE-2019-18667 Cross-site Scripting vulnerability in Pfsense Pfsense-Pkg-Freeradius3
/usr/local/www/freeradius_view_config.php in the freeradius3 package before 0.15.7_3 for pfSense on FreeBSD allows a user with an XSS payload as password or username to execute arbitrary javascript code on a victim browser.
network
low complexity
pfsense CWE-79
6.1
6.1
2018-01-22 CVE-2016-10709 OS Command Injection vulnerability in Pfsense 2.2.6
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
network
low complexity
pfsense CWE-78
8.8
8.8